Monster Gets A Monster Of A Hack Again
By Dan Morrill
Article Date: 2009-01-26
Monster has been been hacked again, along with USAJobs.gov (which monster runs), this time with a loss of information for people who are seeking jobs. Be careful which job opportunities you respond to, and change your password.
Monster.com and USAJobs.gov have been hacked with the loss of login information, contact information, and in some cases, phone numbers, demographic information and userid's and passwords. If you have an account there it is time to change your password, and do not make it the same as everywhere else. You might just want to change all your passwords if you use the same one everywhere you go.
As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect - and the accessed information does not include - sensitive data such as social security numbers or personal financial data. Source: Monster.com
What is interesting, and hence the under reporting of this break in was that Monster decided that they would just simply do a press release on their web site rather than letting people know by email. If you do not follow the security blogs, and have not been to monster lately you probably didn't know about this issue. The good part and for this monster gets many kudo's they have a warning message prominently displayed on their web site on the right hand side right below the login that there is a new security notice.
While they might not have sent you an e-mail, they are at the very least pushing a good warning label on their home page, and the press release is legible to just about everyone. Monster did ok here, and much better than their first data breech.
Go change your passwords, today.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.